CVSS: 8.2EPSS: 0%CPEs: 6EXPL: 1CVE-2021-3796 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2021-3796
vim is vulnerable to Use After Free vim es vulnerable a un Uso de memoria Previamente Liberada A use-after-free vulnerability in vim could allow an attacker to input a specially crafted file leading to memory corruption and a potentially exploitable crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • http://www.openwall.com/lists/oss-security/2021/10/01/1 https://github.com/vim/vim/commit/35a9a00afcb20897d462a766793ff45534810dc3 https://huntr.dev/bounties/ab60b7f3-6fb1-4ac2-a4fa-4d592e08008d https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4 https://lists.fedo • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-19144
https://notcve.org/view.php?id=CVE-2020-19144
Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the 'in _TIFFmemcpy' funtion in the component 'tif_unix.c'. Un desbordamiento del búfer en LibTiff versión v4.0.10, permite a atacantes causar una denegación de servicio por medio de la función "in _TIFFmemcpy" en el componente "tif_unix.c" • http://bugzilla.maptools.org/show_bug.cgi?id=2852 https://gitlab.com/libtiff/libtiff/-/issues/159 https://lists.debian.org/debian-lts-announce/2021/10/msg00004.html https://security.netapp.com/advisory/ntap-20211004-0005 • CWE-787: Out-of-bounds Write •
CVSS: 8.6EPSS: 0%CPEs: 5EXPL: 1CVE-2021-3770 – Heap-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2021-3770
vim is vulnerable to Heap-based Buffer Overflow vim es vulnerable a un Desbordamiento del Búfer en la región Heap de la memoria. • http://www.openwall.com/lists/oss-security/2021/10/01/1 https://github.com/vim/vim/commit/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9 https://huntr.dev/bounties/016ad2f2-07c1-4d14-a8ce-6eed10729365 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J2CJLY3CF55I2ULG2X4ENXLSXAXYW5J4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X4FFQARG3LGREPDZRI4C7ERQL3RJKEWQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.4EPSS: 0%CPEs: 56EXPL: 0CVE-2021-3712 – Read buffer overruns processing ASN.1 strings
https://notcve.org/view.php?id=CVE-2021-3712
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. • http://www.openwall.com/lists/oss-security/2021/08/26/2 https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=94d23fcff9b2a7a8368dfe52214d5c2569882c11 https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ccb0a11145ee72b042d10593a64eaf9e8a55ec12 https://kc.mcafee.com/corporate/index?page=content&id=SB10366 https://lists.apache.org/thread.html/r18995de860f0e63635f3008f • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 6%CPEs: 42EXPL: 0CVE-2021-3711 – SM2 Decryption Buffer Overflow
https://notcve.org/view.php?id=CVE-2021-3711
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. • http://www.openwall.com/lists/oss-security/2021/08/26/2 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=59f5e75f3bced8fc0e130d72a3f582cf7b480b46 https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E https://security.gentoo.org/glsa/202209-02 https://security.ge • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •